renamed svn_for_members_only to svn_read_access and made required changed in AccessHandler.pm

This commit is contained in:
hyung-hwan 2014-05-26 06:18:30 +00:00
parent f50ad4c3e1
commit ac6a5f4110
2 changed files with 32 additions and 14 deletions

View File

@ -188,10 +188,12 @@ allow_set_time_limit = "no"
signin_for_code_search = "yes"
;------------------------------------------------------------------------------
; For a public project, subversion access is limited to members only when
; this item is set to yes. When no, this access is open to everyone.
; Subversion read access is limited to the specified user type. The types
; include anonymous, authenticated, member. This applies to a public project
; only. Write access to any projects and read access to a non-public project
; require membership regardless of this item.
;------------------------------------------------------------------------------
svn_for_members_only = "yes"
svn_read_access = "member"
;------------------------------------------------------------------------------
; customized footer

View File

@ -73,7 +73,7 @@ sub get_config
database_driver => $cfg->param ('database_driver'),
database_prefix => $cfg->param ('database_prefix'),
svn_for_members_only => $cfg->param ('svn_for_members_only')
svn_read_access => $cfg->param ('svn_read_access')
};
return $config;
@ -238,16 +238,29 @@ sub is_project_public
return (((scalar(@row) > 0 && $row[0] eq 'Y')? 1: 0), undef);
}
sub is_read_method
{
my ($method) = @_;
return $method eq "GET" || $method eq "HEAD" ||
$method eq "OPTIONS" || $method eq "REPORT" ||
$method eq "PROPFIND";
}
sub __handler
{
my ($r, $cfg, $dbh) = @_;
my ($empty, $base, $repo, $dummy) = split ('/', $r->uri(), 4);
my $method = uc($r->method());
my $is_method_r = is_read_method ($method);
my $author;
my $userid = undef;
my $password = undef;
my $public = undef;
my $member = undef;
my $errmsg = undef;
if ($r->proxyreq() == Apache2::Const::PROXYREQ_PROXY)
{
$author = $r->headers_in->{'Proxy-Authorization'};
@ -272,13 +285,9 @@ sub __handler
if (!defined($userid)) { $userid = ""; }
if (!defined($password)) { $password = ""; }
if ($method eq "GET" ||
$method eq "HEAD" ||
$method eq "OPTIONS" ||
$method eq "REPORT" ||
$method eq "PROPFIND")
if ($is_method_r)
{
my ($public, $errmsg) = is_project_public ($dbh, $cfg->{database_prefix}, $repo);
($public, $errmsg) = is_project_public ($dbh, $cfg->{database_prefix}, $repo);
if ($public <= -1)
{
# failed to contact the authentication server
@ -287,8 +296,9 @@ sub __handler
}
elsif ($public >= 1)
{
if (lc($cfg->{svn_for_members_only}) eq 'no')
if (lc($cfg->{svn_read_access}) eq 'anonymous')
{
# grant an anonymous user the read access.
return Apache2::Const::OK;
}
}
@ -301,7 +311,6 @@ sub __handler
}
elsif ($cfg->{login_model} eq 'DbLoginModel')
{
my $errmsg;
($auth, $errmsg) = authenticate_database (
$dbh, $cfg->{database_prefix}, $userid, $password);
}
@ -318,7 +327,14 @@ sub __handler
}
# authentication successful.
my ($member, $errmsg) = is_project_member ($dbh, $cfg->{database_prefix}, $repo, $userid);
if ($is_method_r && $public >= 1 && lc($cfg->{svn_read_access}) eq 'authenticated')
{
# grant read access to an authenticated user regardless of membership
# this applies to a public project only
return Apache2::Const::OK;
}
($member, $errmsg) = is_project_member ($dbh, $cfg->{database_prefix}, $repo, $userid);
if ($member <= -1)
{
$r->log_error ("Cannot check project membership - $errmsg");